SSL vulnerability called BEAST

Does it affect your secure webserver?

You should know if you accept credit cards or handle Social Security numbers on your website.

See these two articles for more expert information:

http://arstechnica.com/business/news/2012/04/90-of-popular-ssl-sites-vulnerable-to-exploits-researchers-find.ars

http://luxsci.com/blog/is-ssltls-really-broken-by-the-beast-attack-what-is-the-real-story-what-should-i-do.html

 

Testing:

This company will test your https connection. Here’s an example report.

https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fmillfalls.com&hideResults=on

 

From Lux-Sci: Real-world vulnerability? What is affected by BEAST?

This problem can affect people browsing secure web sites, allowing eavesdroppers to gain full access to your accounts on those web sites under certain conditions.  It does not affect

It does affect:

  • Accounts you may have with secure web sites that you login to, like PayPal, LuxSci, Gmail, Bank of America, Facebook, etc.

 

Solution:

It is not yet feasible to use a browser or webhost that supports TLS 1.2. For now, here is LuxSci’s advice:

The Take Away Message

People should always be concerned and aware of security as the landscape changes constantly.  We think that beyond the need to upgrade and to implement software fixes, consider the following:

  • We should actually use SSL and TLS whenever possible. Insecure sites put our browser and computer at risk, as we have no control over what malicious third party may inject into our browsing session.  SSL and TLS actually protect us from that threat.
  • When going to secured web sites, it is best to start in a new browsing session or one that has only visited other secure (https://) sites.
  • Make your home page a secure site and your other secure sites easily-accessed via bookmarks.
  • Use separate web browsers for normal insecure browsing and for access to your secure sites.
  • Keep your software, web browsers, operating system, anti-virus, and other components up to date.

 

Accept Credit Cards on the Go

Square Inc.

EBay offers PayPal Here

Intuit offers GoPayment

Eventbrite offers At The Door Card Reader

A credit card swiper that plugs into an iPad’s charging slot and can be used to sell tickets and merchandise at event sites.

 

 

Is your Mac infected with Flashback?

Earlier variants of this new malware against Macs target Safari and Firefox. Recent variants only target Safari.

How to locate an infection by the Flashback trojan?

Type or copy/paste this command into the Mac OS X Terminal, replacing %browser% with the name of the browser to check (Safari or Firefox):

defaults read /Applications/%browser%.app/Contents/Info LSEnvironment

From the excellent post: https://www.f-secure.com/weblog/archives/00002336.html